RFC 6844, "DNS Certification Authority Authorization (CAA) Resource Record", January 2013

Note: This RFC has been obsoleted by RFC 8659

Source of RFC: pkix (sec)

Errata ID: 4070
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT

Reported By: JINMEI Tatuya
Date Reported: 2014-08-05
Held for Document Update by: Kathleen Moriarty
Date Held: 2014-09-04

Section 3 says:

   $ORIGIN example.com
   .       CAA 0 issue "ca.example.net"

It should say:

   $ORIGIN example.com.
           CAA 0 issue "ca.example.net"


The original text is obviously incorrect (or at least something not really intended) in that the owner name is absolute. It just doesn't make sense to use $ORIGIN if we use an absolute owner name for the actual RR. The "corrected text" is one representation of what I guess the author really intended.

There are other instances of this same kind of error in this section, but I don't bother to list all of them as it should be obvious and the sense of the "fix" should be the same.

From the verification of the errata:
The errata is correct as reported, with the following caveat: some implementations of the DNS presentation format assume all $ORIGIN statements are Fully Qualified Domain Names, but others do not, and those will take the domain name and append the current origin to it. Thus the trailing dot removes any ambiguity that the name specified is an FQDN.
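
Added example (not part of the erratum or of RFC 6844): a small owner-name resolver that shows where the CAA record lands for the original text, the corrected text, and a constructed variant with no trailing dot on $ORIGIN, under both parser behaviours described in the verification note. The function names, the initial origin "parent.example." and the rule that a blank owner with no earlier RR means the origin are assumptions made for this illustration.

```python
# Added illustration; sample zone text is constructed from the erratum.
def qualify(name, origin):
    """Return `name` as an absolute name, appending `origin` if relative."""
    if name == "@":
        return origin
    if name.endswith("."):              # trailing dot: already absolute
        return name
    return name + "." if origin == "." else name + "." + origin

def owners(zone_text, initial_origin, origin_is_fqdn):
    """List the absolute owner name of every RR line in zone_text.

    origin_is_fqdn=True models parsers that treat every $ORIGIN argument
    as fully qualified; False models parsers that append the current origin.
    """
    origin, last, out = initial_origin, None, []
    for line in zone_text.splitlines():
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            arg = line.split()[1]
            if origin_is_fqdn and not arg.endswith("."):
                arg += "."
            origin = qualify(arg, origin)
            continue
        if line[0] in " \t":
            # Assumption: blank owner with no earlier RR means the origin.
            owner = last if last is not None else origin
        else:
            owner = qualify(line.split()[0], origin)
        last = owner
        out.append(owner)
    return out

RR = 'CAA 0 issue "ca.example.net"\n'
ORIGINAL = "$ORIGIN example.com\n.       " + RR      # RFC 6844 Section 3 text
CORRECTED = "$ORIGIN example.com.\n        " + RR    # erratum 4070 text
NO_DOT = "$ORIGIN example.com\n        " + RR        # constructed: blank owner, no dot
LOADER_ORIGIN = "parent.example."                    # constructed initial origin

if __name__ == "__main__":
    for label, text in [("original", ORIGINAL), ("corrected", CORRECTED), ("no-dot", NO_DOT)]:
        for fqdn in (True, False):
            print(label, "origin_is_fqdn=%s" % fqdn, owners(text, LOADER_ORIGIN, fqdn))
```

The original text publishes the CAA policy at the root name under either behaviour, so a CA checking example.com finds no record there; the corrected text resolves to example.com. under both.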

